
An analysis of consumer motivations for acquiring online security products


Academic year: 2022


Lappeenranta-Lahti University of Technology LUT School of Business and Management

Master’s Degree Program in International Marketing Management (MIMM)

Master’s Thesis

AN ANALYSIS OF CONSUMER MOTIVATIONS FOR ACQUIRING ONLINE SECURITY PRODUCTS

Jenni Nuorala

2019

1st Supervisor: Juha Väätänen

2nd Supervisor: Igor Laine


ABSTRACT

Author: Jenni Nuorala

Title: An analysis of consumer motivations for acquiring online security products

Faculty: School of Business and Management

Master’s Programme: International Marketing Management (MIMM)

Year: 2019

University: Lappeenranta-Lahti University of Technology LUT

Master’s Thesis: 88 pages, 26 figures, 7 tables and 6 appendices

Examiners: Professor Juha Väätänen & Associate Professor Igor Laine

Keywords: online security, cyber security, computer security, mobile security, consumer motivation, protection motivation theory

The purpose of this study is to analyse consumer motivations for acquiring online security products and how this motivation can be encouraged through marketing communication. While looking at consumer motivation generally, the study aims to fill a research gap by analysing the impact of different online threats on the motivation.

Based on the existing research, Protection motivation theory (PMT) was chosen as the central theory for this study. PMT proposes that individuals are motivated to protect themselves based on the perceived severity of a threat, their perceived vulnerability to this threat, the perceived self-efficacy and the efficacy of the protective action.

Primary data was collected through the mixed methods approach, which combined quantitative and qualitative data collection methods, one after another. Quantitative data was collected through an online questionnaire (n=101) and qualitative data through unstructured interviews (n=8). Quantitative data collection was built around PMT, whereas qualitative data collection, in addition to deepening the quantitative data, was open for new discoveries around consumer motivation.

The quantitative findings indicated that individuals perceive all the studied threats as either severe or very severe. However, on average, they perceive themselves as less vulnerable to these threats. The highest perceived vulnerability and severity did not exist for the same threats. The most severe threats were related to money, such as online shopping and online banking, whereas the threat with the highest vulnerability was a computer getting a virus. On top of PMT-related factors, the qualitative data findings highlighted themes such as the notion that online security is simply necessary on internet-connected devices and that it brings peace of mind.

The study concludes that consumer motivation to acquire online security is a combination of multiple factors, such as needs, prior experiences, overall feeling of necessity, family and friends, and the factors shown in PMT. In terms of different online threats, certain threat scenarios can potentially affect the motivation to acquire online security; however, the low vulnerability rates for multiple threats challenge the motivation formation. To increase the motivation, marketers should aim to communicate where the need for security already exists, such as when the consumer is purchasing a new device. Marketers should also use the right levels of fear and increase the perceived vulnerability for various threats by explaining the likelihood of those threats. Finally, marketers should use communication to enhance self-efficacy and response-efficacy.


ABSTRACT (translated from Finnish)

Author: Jenni Nuorala

Title of thesis: An analysis of consumers' motivation to acquire an online security product

Faculty: School of Business and Management

Major: International Marketing Management (MIMM)

Year: 2019

University: Lappeenranta-Lahti University of Technology LUT

Master’s thesis: 88 pages, 26 figures, 7 tables and 6 appendices

Examiners: Professor Juha Väätänen & Postdoctoral Researcher Igor Laine

Keywords: information security, online security, cyber security, protection motivation theory, consumer motivation

The purpose of this thesis is to study consumers' motivation to acquire an online security product and how this motivation can be increased through marketing messages. The study addresses consumer motivation at a more general level and aims to fill a research gap by examining the effect of different online threats on this motivation.

Based on earlier research, protection motivation theory (PMT) was placed at the centre of the study. According to the theory, an individual's motivation to protect themselves is based on the perceived severity of the threat, the perceived likelihood of the threat, the effectiveness of the protective action and the individual's perceived own ability to protect themselves.

Primary data was collected by combining quantitative and qualitative research one after the other. Quantitative data was collected with an online questionnaire (n=101) and qualitative data with open interviews (n=8). The quantitative research was based on protection motivation theory, which the qualitative research sought to deepen. The qualitative research also made it possible to discover new themes around consumer motivation.

Based on the quantitative results, consumers perceived all the studied threats as severe, but did not perceive their possible exposure to these threats as equally likely. The threats perceived as most severe and those perceived as most likely for the individual were not the same. The most severe threats were related to money, such as the use of online banking and online shopping, whereas the threat perceived as most likely to happen to the individual was related to computer viruses. In addition to the matters covered by protection motivation theory, the qualitative results emphasised the general idea that online security is simply mandatory on internet-connected devices and that it gives peace of mind.

Based on the study, consumers' motivation to acquire an online security product is the sum of many things, combining the consumer's needs, earlier experiences, a general feeling that security is mandatory, the influence of family and friends, and the matters emphasised in protection motivation theory. As for the different threats, it is possible that some threats affect consumers' motivation, but consumers' perception of the likelihood of the threats nevertheless makes it harder for motivation to form. To increase this motivation, marketers should communicate with consumers at the moment when they have a concrete need, such as the purchase of a new device. In addition, marketers should use an appropriate amount of fear in their communication and educate consumers to understand the likelihood of exposure to different threats. Marketers should also aim, through their communication, to increase consumers' perception of their own ability to protect themselves and of the effectiveness of the protective action.


ACKNOWLEDGEMENT

I would like to express my greatest appreciation to LUT University lecturers and other staff, who have made my Master’s degree journey enjoyable, inspiring and interesting.

And I would like to offer my special thanks to Juha Väätänen, my thesis supervisor, who has been encouraging and helpful throughout my thesis writing project.

I wish to thank my current colleagues for being supportive and understanding throughout the past 2 years of my studies. I highly appreciate the flexibility that my supervisor and the team have provided. I also want to thank the team for brainstorming the research topic with me throughout the past year. Special thanks to my colleague Tiina, who spent extra time reading through my thesis on the very final weeks.

Finally, I wish to thank my spouse, family and friends for their support and encouragement throughout my studies. I have enjoyed the past two years at LUT University, but now looking forward to the graduation and the new chapter in my life.

In Helsinki, 19.11.2019

Jenni Nuorala


Table of Contents

1. Introduction

1.1. Background

1.2. Online threat landscape

1.3. Research questions

1.4. Literature review

1.5. Theoretical framework

1.6. Definitions of the key concepts

1.7. Delimitations

1.8. Research methodology

1.9. Structure of the study

2. Literature review

2.1. Motivation in consumer behaviour and decision-making

2.1.1. Emotional and rational consumer behaviour

2.2. Consumer behaviour in online security

2.3. Motivation theories

2.3.1. Needs theories

2.3.2. Stimulus-organism-response model

2.4. Motivational constructs

2.4.1. Involvement

2.4.2. Perceived risk

2.5. Motivation theories for cyber security and online security

2.5.1. Protection motivation theory

2.5.2. Additions to PMT

2.5.3. Perceived risk of threat and unrealistic optimism

2.5.4. Monetary cost

2.5.5. Intention and behaviour gap

2.6. Summary

3. Research design and methods

3.1. Secondary research

3.2. Primary research

3.2.1. Mixed methods research

3.2.2. Quantitative research

3.2.3. Qualitative research

3.2.4. Data protection for quantitative and qualitative research methods

3.2.5. Pilot tests for quantitative and qualitative research methods

3.2.6. Data analysis of quantitative and qualitative research methods

3.3. Reliability and validity

4. Findings

4.1. Questionnaire respondents’ and interviewees’ profile

4.2. Sources of information

4.3. Perceived threat vulnerability

4.4. Perceived threat severity

4.5. Motivation to purchase

4.6. Combining threat variables across PMT

5. Discussion

5.1. PMT and motivation to acquire online security products

5.1.1. External and internal motivational factors

5.1.2. Different online threats and threat-appraisal process

5.1.3. Coping-appraisal process

5.2. Other motivation theories

5.3. Increasing the motivation for acquiring an online security product

6. Conclusion

6.1. Research questions

6.2. Limitations and recommendations for future research

References

Appendices

Appendices

Appendix 1: Pre-defined threat scenarios

Appendix 2: Original questionnaire in Finnish

Appendix 3: Question sections in the questionnaire, translated to English

Appendix 4: Share of responses on perceived threat vulnerability variables

Appendix 5: Share of responses on perceived threat severity variables

Appendix 6: Share of responses on motivation to purchase variables


List of Tables

Table 1: Literature review of PMT and consumer online security research

Table 2: Key search terms in secondary research

Table 3: Consumer online security product features and key selling points

Table 4: Questionnaire response options

Table 5: Internet usage by age groups in Finland in 2018

Table 6: Interview guide

Table 7: Interviewees’ self-efficacy and age group

List of Figures

Figure 1: Protection motivation theory

Figure 2: Theoretical framework

Figure 3: Research methodology process

Figure 4: Structure of the study

Figure 5: A model of consumer behaviour

Figure 6: The satisfaction of human needs in physical and virtual spaces

Figure 7: Generalised needs-based model of motivation

Figure 8: Stimulus-Response 1

Figure 9: Stimulus-Response 2

Figure 10: Protection motivation theory

Figure 11: Research methodology process

Figure 12: Secondary research search terms examples

Figure 13: Quantitative and qualitative research age groups

Figure 14: Questionnaire respondents’ self-efficacy

Figure 15: Number of smart devices in respondents' household (questionnaire data)

Figure 16: Number of hours spent on using smart devices per day (questionnaire data)

Figure 17: Perceived threat vulnerability scenarios, mean and median values

Figure 18: Distribution of responses, perceived threat vulnerability

Figure 19: Main questionnaire and interview findings on perceived threat vulnerability

Figure 20: Perceived threat severity scenarios, mean and median values

Figure 21: Distribution of responses, perceived threat severity

Figure 22: Main questionnaire and interview findings on perceived threat severity

Figure 23: Motivation to purchase scenarios, mean and median values

Figure 24: Distribution of responses, motivation to purchase

Figure 25: Main questionnaire and interview findings on motivation to purchase

Figure 26: Mean values for perceived threat vulnerability, perceived threat severity and motivation to purchase variables

1. Introduction

1.1. Background

Motivation plays a central role in consumer decision-making. Motives provide energy to make daily decisions and thus drive the behaviour. (Emilien, Weitkunat et al. 2017) However, motivation does not automatically lead to the actual behaviour, as consumer behaviour is a combination of different elements: motivation, ability and opportunity to perform an action (Statt 1997). Even so, motivation is a key part of the behaviour, as it travels through or even actuates the behaviour. While its importance is evident, identifying motivations is highly challenging, as consumers may be unaware of their own motivations or unwilling to admit them (Wright 2006; Tyagi, Kumar 2004; Blythe 2013).

This study explores consumer motivations in the field of consumer online security. The industry itself poses different challenges, as the number of threats is constantly increasing while consumers may lack knowledge of how and where these threats are evolving. From the product perspective, online security solutions, ranging from antivirus and internet security to security routers and VPNs, can be considered technical, time-consuming and complex. Regardless, the majority of the Finnish population is shown to have at least a certain level of security on their devices.

According to a recent study, 70 % of Finnish people have some internet security product or service on their smartphones. In addition to security, Finns are rather privacy conscious, as 66 % have reported changing their application settings to limit access to personal information. (Statistics Finland 2018a)

While existing literature has explored consumer motivations in the context of online security, this study aims to fill a research gap on how different online threats affect the consumer motivation to acquire an online security product. Understanding the motivations, their sources and how the different threats are tied to the motivation, opens up new opportunities for marketers to communicate their products to consumers.

1.2. Online threat landscape

According to studies from different countries, the amount of online crime is large. A British study, done by the National Crime Agency (2016), suggests that 50 % of crime happens online. Similar rates have been recorded in Germany, suggesting that every second German has been a victim of online crime (Bundeskriminalamt 2018). While online crime is growing, the threat landscape is also constantly evolving and as some threats become less common, online criminals are finding new approaches.

In the consumer threat landscape, malware ranks as the most common online threat (F-Secure 2019c). Malware, an umbrella term for different malicious software variants, covers a wide range of threats, such as viruses, spyware and ransomware. Malware can come from multiple sources, but recent research by a cybersecurity company reported that spam e-mail was the most common method for cyber criminals to spread malware in 2018. Around 70 % of these spam campaigns attempt to trick individuals into visiting malicious websites and downloading a file containing malware, or into committing another action that results in an infection. (F-Secure 2018b)

Malware threats are followed by credit card fraud, and SMS and call fraud. While these traditional forms of cybercrime are generally still more common, identity theft and account take-overs are growing. (F-Secure 2019c) Even though account take-overs, referring to cases in which a criminal illegally gets access to a victim's accounts, are still less common, account details are in danger. The largest data breach ever took place at the beginning of 2019. Data breaches are security incidents in which sensitive, protected or confidential information is accessed without authorisation. The 2019 breach contained more than 770 million account details, which were in a public database. Shortly after this data breach, named Collection #1, Collections #2-5 emerged, taking the total number of hacked user accounts published to 2.2 billion. (Winder 2019) These data breaches are connected to the use of secure and unique passwords, which has been a relevant topic for a long time. Regardless, a recent study showed that 40 % of the Finnish population use the same password in multiple online services (Nordea 2019).

To understand the importance of online threats, it is necessary to recognise how cyber criminals aim to get money from people. Phishing is one such method. Phishing is a fraudulent method of gathering personal information, such as usernames, passwords and credit card details, through messaging services, e-mails and websites. In Finland, multiple banks have informed their customers about phishing attacks. These attacks aim to collect individuals' login details and phone numbers, or link users to fake banking sites (Korhonen 2019; Koskinen 2018; OP 2019).

Another relatively widely discussed threat, ransomware, also aims to make money. Ransomware refers to malware, a harmful program, which takes over the user’s device or data and then demands payment to restore access. In 2017, the largest ransomware outbreak took place, driven by the WannaCry outbreak in May. While ransomware detection reports that year increased by 415 % compared to the previous year, ransomware activity already started to decrease towards the end of the year. (F-Secure 2018a) Regardless of the decline in 2018, ransomware attacks still play a crucial role, as in 2019 they had again more than doubled compared to the previous year. (Palmer 2019)

Furthermore, there are also threats that seek access to online banking systems and payment card information. According to Kaspersky (2019), banking trojans, which are malicious programs designed to gain access to credentials in online banking systems, have been on the rise. In 2019, they were reported to be up by 15 % in comparison to the previous year. Another, newer approach by online criminals is formjacking. Formjacking, which surged in 2018, aims to inject malicious scripts into websites to steal payment card information (Symantec 2018). These threats do not cover all money-related threats, but instead show their diversity.

Finally, the use of Internet of Things (IoT) devices is growing. However, the security of these devices is lagging behind. In 2018, the FBI warned consumers about IoT threats, stating that cyber criminals typically target devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ attacks on devices with default usernames and passwords. (Federal Bureau of Investigation 2018) According to the cybersecurity company F-Secure, threats targeting weak or default credentials, unpatched vulnerabilities, or both made up 87 % of the observed threats. Thus, many of these threats use predictable and known techniques. (Sattler 2019) From the consumer perspective, three out of four consumers are reported to be aware of malware in internet-connected home appliances (Finnish Communications Regulatory Authority 2018).


This study takes these different threats into account to evaluate how consumers perceive them, and how they are connected to consumer motivation.

1.3. Research questions

The goal of this study is to explore consumer motivations for acquiring an online security product and to understand how these motivations can be encouraged through marketing communication. The aim is to provide theory around consumer behaviour and consumer motivation, both overall and in the context of online security. The empirical part explores how individual consumers experience pre-defined online threat scenarios, but also evaluates other themes around the motivation. Therefore, this study aims to offer new insights in the field and recommendations for marketers to encourage consumer motivation. The main research question is:

RQ: What motivates consumers to acquire an online security product and how to increase the motivation?

The main research question is divided into three sub-questions. The first sub-question takes a wider approach and explores consumer motivation to acquire an online security product. The second sub-question takes a deeper outlook to explore how different online threats affect the motivation to acquire an online security product. And finally, the third sub-question seeks to understand how this consumer motivation can be encouraged through marketing communication.

Sub-RQ1: What factors affect consumer motivation to acquire an online security product?

Sub-RQ2: How do consumers perceive different online threats and how do these threats affect the motivation to acquire an online security product?

Sub-RQ3: How can marketing communication encourage the motivation to acquire an online security product?

This study follows the structure of the research questions, starting from the broader sub-question and ending with the more practical question, in which earlier theory and findings are transformed into marketing recommendations.

1.4. Literature review

This section discusses prior academic research in the identified research field. Emphasis is on consumer behaviour, consumer motivation theories, Protection motivation theory (PMT), unrealistic optimism, and motivational constructs, such as involvement and perceived risk. By evaluating previous studies, the research gap was identified: existing literature on consumer online security ignores the impact of different threats and instead focuses on the overall concept of threat. Therefore, this study aims to explore consumer motivations in the field of online security, and to see how different online threats affect motivation.

Consumer motivation is central to consumer decision-making, as motives provide the energy to make daily decisions and thus drive the behaviour (Emilien, Weitkunat et al. 2017). However, while motivation is central, consumers’ buying behaviour is a combination of different elements: the ability to buy something, the opportunity to buy it and the motivation to do so (Statt 1997).

One of the best-known motivation theories is Maslow’s hierarchy of needs, in which the assumption is that humans seek first to satisfy their basic physiological needs, such as food and shelter, before moving their attention to other higher order needs, such as safety, love and self-actualisation (Barnes 2011). Kellerman (2014) offered an updated version of this theory, in which the needs were considered in the context of the virtual world. In this theory, safety in the virtual world applies to online safety measures, such as online security. These safety measures are set in place to protect personal and business information. This simplistic theory assumes the same as the original theory: individuals would first set up security in the virtual place before moving to the even higher order needs.

Another motivation framework, which is built on the needs theories, is the Generalised needs-based model of motivation. In this theory, motivation is shown as a more complex process, which is a combination of essential drives, learning and esteem-related processes. (Emilien, Weitkunat et al. 2017) A third, more generic motivation theory, stimulus-organism-response (S-O-R), shows that motivation can lead to a purchase, but typically buying behaviour is a combination of current stimulus, such as an ad or product, and antecedent conditions, such as beliefs, attitudes and perceptions. Finally, this theory highlights a relevant notion: those motives, attitudes and underlying processes which are out of the advertiser’s control are defined to be insignificant to the advertiser. (Williams 1957)

In addition to those three general motivation theories, other aspects around motivation are explored. Involvement and perceived risk are considered as motivational constructs, which influence consumer behaviour, such as information search and dissemination, as well as the decision-making process (Dholakia 2001). Involvement is the consumer’s perception of the self-relevancy of the object (Ekström 2010), in which the object can be a product, brand, advertisement or purchase situation (Solomon, Bamossy et al. 2006). Involvement can range from low to high, and it can be situational or enduring (Dholakia 2001; Arnould, Price et al. 2004; Ekström 2010). These differently involved consumers then require different marketing messages. (Ekström 2010) To approach the marketing tactics further, the Elaboration likelihood model of persuasion (ELM) is analysed. Similarly, consumers’ perception of risk has been shown to affect purchase decisions and consumer behaviour. This theory assumes that consumer behaviour involves a risk, which implies that there is some level of uncertainty about the outcomes (Karbalaei, Norouzi et al. 2013).

Moving from the generic motivation theories to the online security context, existing literature highlights the suitability of the Protection motivation theory (PMT). PMT helps to understand why attitudes and behaviour can change when people are confronted with threats (Floyd 2000) and thus, how threats influence the individuals’ intention to adopt online security technology (Chenoweth, Minch et al. 2009). In its simplest form, PMT assumes that in order to adopt secure behaviour, and to acquire an online security product for their devices, an individual has to perceive the threat as severe and feel vulnerable to it. After this process, identified as threat-appraisal, the individual will evaluate their ability to cope with the threat and prevent it, as well as the effectiveness of the recommended action to prevent the threat. Finally, response costs are considered, to evaluate whether the preventive action is worth the perceived cost, which could be monetary, personal, time or effort. The framework also includes sources of information, which affect the cognitive mediating process. These sources, environmental and interpersonal, are also considered throughout the research. The PMT framework is shown in the figure below (Figure 1).

Figure 1: Protection motivation theory

Source: adapted from Floyd 2000, p. 410

Existing PMT literature approaches the online security industry strongly from the organisational angle (Crossler 2014) by exploring for example how managers or executives are motivating their employees to apply secure online behaviour (Johnston 2010; Menard 2017), follow security policy compliance (Ifinedo 2011) or how they are motivated to decide on security products for the company (Lee & Larsen 2009). The following table (Table 1) shows PMT studies, which have had consumer or home usage focus. All these will be discussed further in the full literature review.


Table 1: Literature review of PMT and consumer online security research

| Author, year | Research title | Topic / Focus |
|---|---|---|
| Lee, 2008 | Keeping Our Network Safe: A Model of Online Protection Behaviour | Use of virus protection |
| Anderson, 2010 | Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions | Protective behaviour to secure computer and internet in a home |
| Chenoweth, Minch et al., 2009 | Application of Protection Motivation Theory to Adoption of Protective Technologies | Users' intentions to adopt anti-spyware |
| Gurung, Luo et al., 2009 | Consumer motivations in taking action against spyware: an empirical investigation | Use of anti-spyware tools when faced with security threats |
| Crossler, 2014 | An Extended Perspective on Individual Security Behaviors: Protection Motivation Theory and a Unified Security Practices (USP) Instrument | Use of different security practices (USPs, Unified Security Practices) for protecting individual’s computers and networks. |
| Tsai, 2016 | Understanding online safety behaviors: A protection motivation theory perspective | Online security for home computer users. New motivational factors are integrated in the PMT framework for the first time |

Even though PMT has been found useful in predicting computer security behaviours, not only in organisations but also at home (Ifinedo 2011), existing literature focuses on the overall security behaviour and ignores different types of threats. Therefore, there is still a research gap and lack of understanding how consumers perceive different online threats, instead of the overall security perception.

Finally, unrealistic optimism is discussed. Unrealistic optimism from the personal risk perspective is a widely documented phenomenon for different topics and populations across literature. By taking the optimistic standpoint, consumers negate their own vulnerability, which allows them to maintain a positive self-view. (Emilien, Emilien et al. 2017) Unrealistic optimists were found not to think that the risks are generally low, but only that their standing on the risk was favourable (Radcliffe 2002).

1.5. Theoretical framework

The theoretical framework for this study is shown in the figure below (Figure 2). The framework presents the key concepts for the study and how these are connected in the context of consumer online security. The key concepts affecting consumer motivation are defined as internal and external antecedent factors and current or past experiences with online threats. The research also approaches consumer motivation through other potential motivational factors. Antecedent factors refer to factors that have taken place in the consumer’s past. These are defined as internal, referring to factors rising from the consumer, and external, referring to factors outside the consumer. These can cover a wide range of factors, such as other people or media as external factors and personal experiences and personality as internal factors.

Figure 2: Theoretical framework

1.6. Definitions of the key concepts

Consumer motivation: Processes that cause consumers to behave as they do. In psychology, motivation occurs when a need is aroused, and the consumer wishes to satisfy it. (Solomon, Bamossy et al. 2006)

Online security: In the current study, online security refers to a product that ensures that online user data and privacy are not compromised by cybercriminals. In terms of specific products, online security is considered an umbrella term for various online security and privacy related products, such as internet security and VPN.

1.7. Delimitations

This study examines consumer-related online security and thus ignores security in businesses. The study takes a marketing and sales-oriented approach to online security and threats, aiming to identify what type of marketing communication could increase the motivation to acquire an online security product. Due to this orientation, the study focuses only on threats that current online security products can protect against. Therefore, the chosen threats are based on different online security products and their selling points, but also on the overall threat landscape discussed before. The pre-defined threats, listed in Appendix 1, are explored through the quantitative research method, while the qualitative research method allows new topics outside of these threat scenarios to be brought up.

Due to the researcher’s location and time restrictions, this study is limited to the Finnish population. Moreover, due to the nature of the study, the focus was on adults who use the internet and thus, are potential victims of online crime. In more detail, this population is 35-74 years old, which was defined based on the internet usage across the Finnish population. Even though younger audiences use the internet a great deal, their buying power was considered to make them irrelevant for this study.

1.8. Research methodology

This study combines primary and secondary data to answer the research questions. Primary data is collected through a mixed methods approach, which combines quantitative and qualitative research methods. This approach was chosen to provide a deeper, broader and more comprehensive understanding of the same complex human phenomena (Greene 2008). The figure below (Figure 3) shows the full research methodology process.

Figure 3: Research methodology process

The data collection began with an online questionnaire and was followed by unstructured interviews. Thus, to generalise the findings, a quantitative research method with a larger sample size was used, and these findings were then complemented with a qualitative research method. As this study explores the motivations to acquire an online security product, qualitative research opened up an opportunity to bring up new themes as well as deepen the quantitative research method findings. In practice, both methods were given generally equal weight in this study and they explored the same complex phenomenon through varied facets. In both data collection methods, data protection was considered, and all research participants were informed through a Data Protection form.

Two different sampling methods were used: random sampling for the quantitative research method and non-probability sampling for the qualitative research method. Random sampling enables selection in which each member of the population has equal probability of being selected and the selection of each individual is independent of the selection of any other (McBurney, White 2007). The sampling population for the research, including quantitative research and qualitative research, was users who use the internet and different internet-connected devices. In terms of demographic behaviour, respondents had to be 35-74 years old, and speak Finnish in order to fill in the questionnaire and to be interviewed. The age was defined based on internet usage across the Finnish population, to understand to whom online security is relevant. The final sample size for the questionnaire was 101. Then again, non-probability sampling allows the population for the study to be selected (Ritchie, Lewis 2003). In order to deepen the questionnaire findings, the interview sample was formed from the volunteering questionnaire respondents. When planning the interview sample, two key factors were considered: the sample should be fairly homogenous, and the interviewees should share critical similarities related to the research question (DiCicco‐Bloom, Crabtree 2006; Ritchie, Lewis 2003). The final sample was formed based on the average (defined in the questionnaire as 4.27) self-efficacy, with a sample size of 9, out of which one interview was left out due to failed recording.

Both methods were pilot tested to make sure that the data collection runs as expected. Finally, quantitative and qualitative data were analysed separately, then the findings were linked. Quantitative data was analysed through a statistical program and qualitative data was analysed with a content analysis approach, in which both content and context were analysed.

1.9. Structure of the study

As seen in the following figure (Figure 4), the research follows a typical research structure.

Figure 4: Structure of the study

The research begins with a literature review, discussing consumer behaviour and motivation theories on a more generic level, and moves then to the context of online security. The literature review is followed by Methodology, in which data collection, data protection and data analysis are discussed. The Findings section discusses both the quantitative and the qualitative research findings hand in hand, in order to support the complementarity purpose of the mixed methods approach. Finally, Discussion and Conclusion are presented to answer the research question and all the sub-questions, with research limitations and recommendations for future studies.

2. Literature review

This section discusses prior academic studies in the identified research field. The discussion moves from the broader topic of consumer behaviour to the specific theories in the context of online security.

2.1. Motivation in consumer behaviour and decision-making

The importance of the motivation research in consumer decision-making lies within the knowledge that motives provide the energy to make daily decisions and thus, drive the behaviour (Emilien, Weitkunat et al. 2017). When consumers are highly motivated to achieve a goal, they are more likely to put more effort into it through actions, such as paying attention to it, spending time thinking about it and attempting to gain and critically evaluate the goal related information. Moreover, consumers are motivated to behave, process information or to engage in effortful decision-making when they feel that the topic is personally relevant to them. (Hoyer, McInnis 2008) However, defining motives is highly complex as individuals might not be aware or certain about the real source underneath their behaviour. Thus, in some cases individuals are unable to identify the motivation which operates below the subconscious level, or they are unwilling to admit the specific motivation. This might cause individuals to give incorrect reasons for their actions when another reason would in fact be the truthful one. (Wright 2006; Tyagi, Kumar 2004; Blythe 2013)

While motivation research is a large research area on its own, it is necessary to recognise that consumers’ buying behaviour is a combination of different elements: the ability to buy something, the opportunity to buy it and the motivation to do so. While some consumers might be highly motivated to purchase an item, if they do not have money (ability) or access to it (opportunity), motivation alone does not lead to a purchase. (Statt 1997)

2.1.1. Emotional and rational consumer behaviour

Emotional and rational motivations are key aspects of consumer behaviour. Emotions are primal motivations in human conditions and affect the purchasing behaviour as well as processing of advertising messages. Additionally, and simultaneously, consumers’ decisions are based on ratiocination and reason. The rational approach focuses on information analysis and processing, in order to arrive at an optimal decision. From the perspective of marketing messages, the balance of emotions and reason is highly relevant as rational beliefs can be changed more easily while feelings are more resistant. (Chaudhuri 2006)

The figure below (Figure 5) explains how emotion and reason affect behaviour. First, a consumer faces a stimulus, to which one would then respond through emotion and reason, and then behave accordingly. This response is also affected by multiple variables: individual characteristics, environment and genetics. (Chaudhuri 2006; Emilien, Weitkunat et al. 2017)

Figure 5: A model of consumer behaviour

Source: adapted from Chaudhuri 2006, p. 2

Williamson (2002) divides behaviours into cases where emotion plays a significant part and reason does not, and conversely cases where reason plays a significant part and emotion does not. Primal human motivations, such as fear, fall under the cases in which the emotions are the primary driver for consumer behaviour. Then again, cases in which reason is the primary driver are more difficult to identify. The study proposes an example of the IT department choosing new equipment as a reason driven behaviour; however, this case most likely exists only in an organisational context. (Williamson 2002)

One of the emotions discussed later with Protection motivation theory is fear. Fear as an emotion is one of the rare innate emotions and is built through evolution (Hansen, Christensen 2007). One of the key marketing considerations, or questions, around fear is whether a mild threat or really scaring people is the more persuasive approach. Fear and the level of fear are discussed more in section 2.5.1.

2.2. Consumer behaviour in online security

Consumer behaviour in the context of online security looks at the consumers and their capabilities, but also the product and security related factors. Starting from the consumers, a study of American consumers shows how the diffusion of innovation, also referred to as adoption of new technology, affects the consumers in the field of online security. In the study, it was found that more internet usage was associated with more knowledge on computers and a more frequent rate of updating antivirus software. It was hypothesised that this was connected to the difference in diffusion of technology and that early adopters are more able to understand and apply technical knowledge. Thus, the late adopter consumers may not understand the concepts of online security, such as phishing and spyware, and lack the ability to fix a computer if it becomes infected. This potentially leaves these consumers at a higher risk of becoming victims of online threats. (Downs 2009) To continue with the consumer differences, another study examined the familiarity with online threats and differentiated three groups: the experts, those who are unfamiliar with newer threats and those who are unfamiliar with well-known threats. These groups were identified to have different internet attitudes and different attitudes to using specific computer security features. For example, those with lower familiarity about newer threats were less likely to use specific features than the experts. Thus, it is possible that online security behaviour is also dependent on how new or well-known the threats are. (Jeske 2017)

As pointed out, some consumers may lack knowledge in the field of online security (Downs 2009; Jeske 2017). This underlines the importance of communicating the real product benefits with ease. A problem may appear if the product benefits are difficult to convey to the consumers or if the focus is on the product features rather than the benefits. The emphasis on features instead of benefits causes a lack of relevance and potentially discourages adoption of the product. This verdict is very much in line with complexity, which is highly relevant in the field of adoption of high technology products. While consumers might be overwhelmed with the new technologies, the perceived complexity may also be seen as a risk. (Sengupta, Mohr et al. 2010) Perceived risk and its impact on consumer behaviour will be discussed later in section 2.4.2.

Furthermore, lack of knowledge explains why cyber security companies with high-technology offerings should take the relative advantage aspect into account. The concept of relative advantage refers to the benefits of adopting the technology compared to the costs, including the emotional worry and financial value. The consumer will have fear, uncertainty and doubt whether the technology will deliver the promised benefits and whether the consumer will have the skills and capabilities to realise those benefits. (Sengupta, Mohr et al. 2010)

Individuals’ skills and capabilities, also discussed as self-efficacy, are crucial to understand technology acceptance, implementation and use (Torkzadeh 2002). The self-efficacy, defined as individual’s belief in one’s ability to perform a task (Floyd 2000), can be applied to various relevant topics, such as computers (Compeau 1995) and the internet (Eastin 2000). The definition of computer self-efficacy as “individual's perceptions of his or her ability to use computers in the accomplishment of a task”, including the use of specific software (Compeau 1995, p. 191), makes the topic highly relevant for this study. Self-efficacy can be split according to the original theory into magnitude, strength and generalisability. To continue with the computer self-efficacy, consumers with high self-efficacy magnitude perceive themselves as able to accomplish more difficult computing tasks in comparison to those with low self-efficacy. Then again, strength measures the conviction or confidence on performing the computer related tasks. Finally, while strength and magnitude are important, the self-efficacy generalisability defines if the judgement is limited to a particular domain of activity, such as different hardware or software configurations. (Compeau 1995) Thus, a consumer might have high magnitude and strength in computer self-efficacy, but due to low generalisability, it is limited to only certain domains. Self-efficacy and cost are further discussed in the context of Protection motivation theory, which continues to discuss the motivation in the online security context.

2.3. Motivation theories

Motivation research has strong grounds already in the 1950s (Fullerton 2013). Since then, human motivations have been approached from multiple different viewpoints (Emilien, Weitkunat et al. 2017). Generally, motivation research seeks to answer the question “why” to understand individual’s behaviour. The typical answer to that question is some inner process or internal disposition of the individual, which is the motive. (Emilien, Weitkunat et al. 2017; Williams 1957) To further support this definition, generally in consumer behaviour literature, needs are considered as an internalised state which motivates behaviour when a critical point is reached. (Buttle 1989; Tyagi, Kumar 2004)

2.3.1. Needs theories

One of the core perspectives theorists have presumed to affect human motivation is the needs (Emilien, Weitkunat et al. 2017). In fact, while multiple paradigms exploring motivation as a psychological construct have risen and fallen during the past decades, the concept that motivation is a result of unmet needs has remained throughout the theories (Pincus 2004).

The essence of the needs theories is that they are innate and built through experience (Emilien, Weitkunat et al. 2017). One of the most familiar and recognised needs theories of human motivation is Maslow’s hierarchy of needs, in which the assumption is that humans seek to first satisfy their basic physiological needs, such as food and shelter, before moving their attention to other higher order needs, such as security and safety. The five categories of needs in the hierarchical form, from bottom to top are physiological, safety, love and belonging, esteem and self-actualisation. Once a need has been satisfied, other needs will appear motivating the human to move up on the hierarchy. While the theory is highly simplistic, it was not intended to be as straightforward, as the importance of needs is likely to vary. Furthermore, even though the theory is built in levels, it also assumes that the needs do not require to be satisfied systematically from the bottom to the top. (Barnes 2011) However, Maslow’s model is criticised for not being scholarly valid and confirmed through clinical observations or experimental data (Buttle 1989; Yalch 1996; Kellerman 2014).

More recent research proposes a different perspective on Maslow’s framework by separating it to physical and virtual spaces. While safety as a concept of securing the human body and material property exists in the physical space, its management and control can be based in the virtual space. As seen below in the highlighted area (Figure 6), safety in the virtual world applies to online safety measures, such as online security. These safety measures are set in place to protect personal and business information that is stored and sent through the communication media. (Kellerman 2014) This approach remains equally simplistic as the original theory but makes the needs theory more applicable to this study. At the lower levels of the hierarchy, where safety exists, virtual world’s needs mostly complement the physical needs (Kellerman 2014). Thus, while safety as a need can be fulfilled in the physical world, the virtual world’s safety can complement it by offering more security through the discussed management and control.

Figure 6: The satisfaction of human needs in physical and virtual spaces

Source: adapted from Kellerman 2014, p. 5

To expand the definition of needs, Emilien, Weitkunat et al. (2017) define a framework (Figure 7) which highlights that motivation is a combination of essential drives, learning and esteem-related processes. As the figure shows, the essential drives are formed from the physiological and psychological needs, which were discussed through Maslow’s theory. These essential drives are then affected by multiple different variables before the motivation is formed. To combine the safety in the virtual world with this framework, it is possible to identify that at the beginning there is the need for security online. This need is then affected by previous online security related experiences and learnings, and eventually also self-esteem around online security. All these combined, in a very generalised way, build the motivation. This framework is not the only one available but shows well how complex a system motivation formation is, and that it cannot simply be identified through one perspective, such as that proposed by Maslow.

Figure 7: Generalised needs-based model of motivation

Source: adapted from Emilien, Weitkunat et al. 2017, p. 370

2.3.2. Stimulus-organism-response model

Another dominant paradigm in marketing and consumer research is the stimulus-organism-response, S-O-R, model (Buttle 1989). Theoretically, a motive can be simplistic, such as the motive for smiling can be happiness. However, when aiming to predict and control behaviour, this type of simplistic motivation is not enough. (Williams 1957) As Williams (1957, p. 125) states, “we need to know what conditions external to the respondent, and observable or manipulable by us are related to these inner processes, and how they are related, as well as how these inner processes are related to behaviour.” When combining this aspect of research with advertising, Williams (1957) continues with a framework in which an advertisement or product (stimulus) leads to a purchase (response), as shown below (Figure 8).

Figure 8: Stimulus-Response 1

Source: adapted from Williams 1957, p. 126

However, while organism could simply be the motivation, typically there are more intervening variables which play a crucial role in marketing research or buying behaviour, such as beliefs, attitudes, perceptions and so on. When taking these variables into account, the model can be reframed as in the following figure (Figure 9). In this case, the variables are considered as states of organism which are produced by some prior operation or antecedent condition. Thus, a consumer who has seen an advertisement (present stimulus) and has had a previous excellent experience with the brand (antecedent condition) will purchase the product (response). From the perspective of the marketer, it is most important to understand what the controllable antecedent conditions or external factors related to the buying behaviour are and how they are related to that behaviour. In fact, those motives, attitudes and underlying processes that are out of the advertiser’s control are insignificant to the advertiser. (Williams 1957)

Figure 9: Stimulus-Response 2

Source: adapted from Williams 1957, p. 127

These different motivation frameworks suggest that motivation is a complex system. While motivation can be activated by a need or want, it is then affected by multiple other variables. Some of these variables will be discussed later in this study, such as certain personality traits, prior experience, self-esteem related topics and competence/self-efficacy.

2.4. Motivational constructs

Involvement and perceived risk are considered as motivational constructs, which influence consumer behaviour, such as information search and dissemination as well as the decision-making process (Dholakia 2001).

2.4.1. Involvement

When considering motivation in combination with persuasive marketing communication, involvement is an important topic. It is argued that there is a lack of consensus on what the concept of involvement means, as in some cases involvement is considered as a characteristic of a product (low-involvement products) and in other cases it is a characteristic of response (low-involvement behaviour). However, most researchers agree that involvement is the consumer’s perception of the self-relevancy of the object. (Ekström 2010) Thus, it can be defined as “a person’s perceived relevance of the object based on their inherent needs, values and interests” (Zaichkowsky 1985, p. 342), in which the object can be a product, brand, advertisement or purchase situation (Solomon, Bamossy et al. 2006). Thus, the degree of involvement depends on the characteristics of the consumer and those of the object. Due to this, involvement varies across consumers and across products. While some consumers perceive a product as highly involving, for example due to social or utilitarian reasons, others might not care at all. (Ekström 2010)

The level of involvement defines how much the consumer is willing to put effort into processing the message (Solomon 2009), and it can range from simple processing to full elaboration in which the incoming information is connected to one’s existing knowledge (Solomon, Bamossy et al. 2006). The intensity of involvement can vary on a continuum from low to high and is dependent on the degree of personal relevance to the consumer. The better a product supports satisfying personally relevant motives, needs, values and lifegoals, the higher the involvement becomes. (Ekström 2010; Arnould, Price et al. 2004)

While consumers can have different levels of involvement in products, they can also have different levels of involvement towards the same advertisement. Thus, involvement varies depending on the person, not the advertisement. The involvement with an advertisement has the same definition, and thus, is about how relevant the person feels the advertisement is in relation to their own values, needs and interests. (Zaichkowsky 1994) In one study on involvement and advertising, the consumers’ open-ended responses towards the same ad varied largely: while one found the Pepsi Cola ad “inspiring with the upbeat tempo”, another responded that “this is not my type of music and therefore the ad was unappealing” (Zaichkowsky 1994). This highlights how different the level of involvement towards an ad can be, based on the personal relevance to it.

Involvement can take two forms, either enduring or situational. Situational involvement refers to short-term involvement which takes place when a consumer has temporary motivation in a given situation. This increased interest then disappears after the product decision has been made. (Dholakia 2001; Arnould, Price et al. 2004; Ekström 2010) Then again, enduring involvement refers to an ongoing interest for a product class. This type of involvement is independent from specific purchase situations (Richins 1986). To continue with the situational involvement, those consumers who need a product have higher interest in learning about the product and go through a detailed evaluation of the cost and product features. (Dholakia 2001; Arnould, Price et al. 2004; Ekström 2010) These individuals also pay more attention to relevant advertising (Statt 1997). Then again, the ongoing enduring involvement changes only if for example the consumer’s lifegoals change or the product undergoes a remarkable transformation. Thus, enduring involvement is considered to be an ongoing motivational state. (Ekström 2010) To support this notion, consumers with high involvement to a product category were found to be more loyal, less spontaneous and less price-value conscious (Bauer 2006). When comparing the degree of enduring involvement and situational involvement, for most consumers enduring involvement contributes very little to the involvement outcome (Richins 1992). This view emphasises the importance of situational involvement in purchase decisions.

Differently involved consumers require different marketing communication. Marketing of products which typically evoke situational involvement during purchase should take the variations in enduring involvement into account. Even if the situational involvement is high, the level of enduring involvement affects for example the degree of knowledge and search activity. Thus, regardless of the situational involvement level, consumers with low enduring involvement are still more difficult to activate than those with high enduring involvement. (Richins 1992; Ekström 2010) To approach the marketing tactics further, the Elaboration likelihood model of persuasion (ELM) is discussed. It defines two different routes to persuasion: central and peripheral. Consumers who are highly involved are assumed to be engaging in higher levels of elaboration. For these consumers, the central route to persuasion should be more effective. This type of persuasion is likely to result from a careful consideration of the information presented. For those with low involvement and low elaboration likelihood, by contrast, the peripheral route to persuasion should be more successful. To form attitudes and make product decisions through this route, consumers are assumed to focus or rely on some simple cue in the persuasion context, such as an attractive source. (Bauer 2006; Ekström 2010; Petty, Cacioppo 1986) Central and peripheral routes are not mutually exclusive types of message processing, but continuous dimensions ranging from high to low elaboration likelihood (Petty, Cacioppo 1986).

2.4.2. Perceived risk

Consumers’ perception of risk has been an important topic in the past literature, and has been shown to affect purchase decisions and consumer behaviour (Karbalaei, Norouzi et al. 2013). While risk is also related to the threats online, in this context the focus is on consumer behaviour overall. Perceived risk in relation to online threats will be discussed later in combination with Protection motivation theory. Consumer behaviour involves a risk, which implies that there is some level of uncertainty about the outcomes. This uncertainty then brings a possibility of harm or damage. Consumers are likely to apply intuitive judgement to decide whether something is risky or not based on their previous experiences, their level of involvement or the price of the purchase. However, when the perceived risk falls below the consumer’s acceptance level, it is potentially ignored, or it has minimal impact on the intended behaviour. (Karbalaei, Norouzi et al. 2013)

Perceived risk is relevant to the software industry. As software products are intangible, they may appear risky to consumers. (Laroche, M. 2003) When splitting the concept of intangibility into separate constructs, mental intangibility has been identified to have significant impact on the perceived risk while physical intangibility does not. This finding encourages software companies to provide mental representation of a product through free trials. (Laroche, M. 2003; Laroche, Michel, McDougall et al. 2004) Other relevant risks are related to performance and time, such as whether the product will perform as intended and whether it will have a time-consuming aspect (Statt 1997).

2.5. Motivation theories for cyber security and online security

Different theories have been used in the context of security to define the motivation of consumers to adopt for example anti-spyware tools (Gurung, Luo et al. 2009). Yet, the most common theory around motivation in the recent information security and overall cyber security literature is the Protection motivation theory (PMT). It will also be in focus in this study. The PMT model provides an understanding of why attitudes and behaviour can change when people are confronted with threats (Floyd 2000) and thus, influence individuals’ intention to adopt online security technology (Chenoweth, Minch et al. 2009).

Other applied theories are the Theory of planned behaviour, Theory of reasoned action and Technology acceptance model (Gurung, Luo et al. 2009). The Theory of planned behaviour was found relevant in the organisational context as subjective norms and attitudes toward compliance were found to have a significant positive effect on the behavioural intention to comply with information systems security policies. Thus, the theory stressed the importance of individual’s attitude toward the compliance and importance of colleagues’ views at the workplace. (Ifinedo 2011) However, Gurung, Luo et al. (2009) argue that as fear is likely to change individuals’ attitude or behaviour, those three attitudinal theories might be inadequate in explaining the adoption of security tools. Similarly, while it has been proposed that technology adoption theories are suitable models for predicting user behaviour for information technology acceptance, they are limited in explaining the acceptance and use of security technologies as they exclude the concept of threat and are more set towards productivity-based applications, such as spreadsheets and word processors. (Johnston 2010)

2.5.1. Protection motivation theory

While previous research highlights how comprehensively PMT has been used in the context of online and information security (Menard 2017; Crossler 2014; Boss 2015), a very small proportion of the existing literature explores consumer product aspects (Crossler 2014). Thus, the existing literature approaches the industry strongly from the organisational angle (Crossler 2014) by exploring for example how managers or executives are motivating their employees to apply secure online behaviour (Johnston 2010; Menard 2017), to follow security policy compliance (Ifinedo 2011) or how they are motivated to decide security products for the company (Lee, Larsen 2009). This type of literature provides certain understanding around online security, but due to the context, it ignores the individual’s motivation to protect oneself (Crossler 2014).

Consumer related PMT studies explore the use of different tools, such as virus protection (Lee 2008) and anti-spyware (Chenoweth, Minch et al. 2009; Gurung, Luo et al. 2009). Broader topics have also been studied, such as online security for home computer users (Tsai 2016), the use of different security practices (Crossler 2014) and protective behaviour to secure computer and internet in a home setting (Anderson 2010).

As seen in the figure below (Figure 10), PMT has two cognitive mediating processes: the threat-appraisal process and the coping-appraisal process. Additionally, the theory has two sources of information input: environmental and intrapersonal. At the stage of cognitive mediating process, the threat appraisal is processed first in order to evaluate the coping options. (Floyd 2000) All these aspects are discussed later in more detail.

Figure 10: Protection motivation theory

Source: adapted from Floyd 2000, p. 410

As seen in the figure above, the sources of information may initiate the cognitive mediating process. In comparison to the other discussed motivation models, similar variables emerge, such as personality and experiences. In PMT, verbal persuasion, especially through fear appeals such as potential online threats, is a valuable determinant in the previously highlighted persuasive communication. However, the effectiveness of the persuasive message is dependent on the individual’s motivation to process the message. On the environmental level, observational learning considers experiences that have happened to other people and what the individual is learning from those. Then again, prior experience on the intrapersonal level refers to the experiences of similar threats that have happened to the individual. It has been highlighted that prior experience is affected by feedback from the coping activity and can affect the subsequent experience. (Gochman 1997; Kaspar 2015)

As pointed out, a key aspect in PMT is the fear appeal which triggers the threat appraisal process. Fear appeals “are persuasive messages designed to scare people by describing the terrible things that will happen to them if they do not do what the message recommends”. (Witte 1992, p. 329) Johnston (2010) argues in his research around fear appeals in the field of information security that the perception of threat is a crucial component of motivation for using protective software.

Fear as an emotion outside of PMT was already discussed in section 2.1.1. The findings on whether mild fear or strong fear is more persuasive lean towards the stronger fear. Generally, it is proposed that the more fear is aroused, the more likely an individual is to be influenced by the communication (Statt 1997). Similar findings have emerged around PMT, as weak and strong fear appeals have been found to have a different impact on the PMT model. With strong fear appeals, the PMT model was fully supported, while with weak fear appeals, the model did not hold. (Boss 2015) Similarly, in the context of safe behaviour, it has been proposed that a moderate amount of fear encourages safe behaviour and a low amount of fear diminishes it. The diminishing effect is potentially caused by the individual not finding the fear high enough to address it. However, strong fear can also prevent safe behaviour, as individuals may suppress their fear rather than cope with the danger. (Larose 2008)

To continue with the model, in PMT, the threat appraisal process aims to arouse fear by presenting a threat which the individual is assumed to be vulnerable to (perceived vulnerability) and which has severe consequences (perceived severity). Another aspect of the threat appraisal process is the extrinsic or intrinsic rewards, which refer to the positive aspects of starting or continuing the threat-related behaviour. The experienced threat is then calculated by subtracting perceived vulnerability and perceived severity from the rewards. As the focus of this study is on finding motivators for adaptive behaviour, that is, acquiring an online security product, understanding the impact of these factors is necessary. While perceived vulnerability and severity have a positive effect on the adaptive behaviour, rewards have a negative impact on it (Maddux, Rogers 1983; Crossler 2014; Ruiter 2014; Floyd 2000).
